Hello there. I've been getting more and more users onto Retool recently and have an annoying problem with the invite links. We're running an on-premise instance and our Outlook users have their links wrapped in some microsoft-security stuff "safelinks.protection.outlook.com..." I'll work with my IT team on that one.
The backup copy-paste link at the bottom has an insecure "http" url and fails in Chrome. Shouldn't that be "https" in this day and age?
Hi @mikec!
From your link there, it looks like you are using the self-hosted version of Retool- is that correct?
If that is case, the URL used in invitations is populated by the BASE_URL environment variable. Can you check whether it is defined as HTTP there?
Hi @alex-w . Yes this is a self-hosted version of Retool. Updated BASE_DOMAIN and BASE_URL to secure versions but when testing, we are still getting non-secure links in the invite emails. On version 2.89.11. Any other ideas?
@ben was able to sync on this separately, in this case the issue ended up being the COOKIE_INSECURE environment variable being set to true, which is used when hosting retool on a non HTTPS domain or a raw IP address
COOKIE_INSECURE: Sends auth requests with insecure cookies — set to true if hosting Retool on a non-HTTPS URL or raw IP address. This is typically used if you haven’t deployed Retool on a custom domain yet.